I have read an article about an attack on LUKS in CBC mode and had a look at the WP article about CBC and now I am confused. If I have understood that correctly then changing the plaintext of a block affects all following blocks because every block needs the ciphertext of the previous block to be decrypted. Changing the plaintext ($i$) changes the ciphertext so (in my understanding) you have to rewrite the next block ($i+1$) so that the changed ciphertext of $i$ still leads to the correct plaintext of $i+1$. Rewriting $i+1$ causes the same problem for $i+2$.

This doesn't make sense so obviously I misunderstand something important.

1 Answer
1

In short: for disk encryption, data is organized in sectors (for instance of size 512 bytes), and data may be encrypted with a chaining mode of operation such as CBC only inside these sectors, using a different initialization vector for each sector.

Most storage encryptions using CBC mode do work that way. One drawback is that because logical and physical sectors are the same size there is no extra room for a randomized IV. So typically when overwriting a sector the same IV is used as when the sector was previously written. That is not how a real CBC mode is supposed to work.
–
kasperdMay 24 '14 at 18:23